Call for testing: OpenSSH 6.7

Damien Miller djm at mindrot.org
Wed Aug 20 11:07:09 EST 2014 

On Tue, 19 Aug 2014, Kevin Brott wrote:

> AIX6/7 + gcc 4.2.0/4.4.7 passes all tests fine with the library explicitly
> substituted for the -L -l construct.  I'll work out a patch that does this
> automagically as soon as I work out where it should go, unless someone has a
> better idea

I think we can just do this unconditionally. (patch below)

>       FAIL*1 - Shouldn't this have been caught by configure?
>            gcc -g -O2 -Wall -Wpointer-arith -Wuninitialized
..
>            In file included from openssl-compat.c:32:
>            openssl-compat.h:28:2: #error OpenSSL 0.9.8f or
>       greater is required

good point; patch below.

>       FAIL*2 - Different AIX failure on old openssl ...
>                    gcc -g -O2 -Wall -Wpointer-arith
>       -Wuninitialized -Wsign-compare -Wformat-security
>       -Wno-pointer-sign -fno-strict-aliasing -D_FORTIFY_SOURCE=2
>       -ftrapv -fno-builtin-memset  -I. -I.. -I. -I./.. 
>       -DHAVE_CONFIG_H -c port-aix.c
>            In file included from ../key.h:29,
>                             from port-aix.c:31:
>            ../sshkey.h:34:24: error: openssl/ec.h: No such file
>       or directory
>            In file included from ../key.h:29,
>                             from port-aix.c:31:
>            ../sshkey.h:103: error: expected
>       specifier-qualifier-list before 'EC_KEY'
>            ../sshkey.h:149: error: expected ')' before '*' token
>            ../sshkey.h:151: warning: type defaults to 'int' in

patch below

all these are committed and will be in the 0821 snapshot

Index: Makefile.in
===================================================================
RCS file: /var/cvs/openssh/Makefile.in,v
retrieving revision 1.362
diff -u -p -r1.362 Makefile.in
--- Makefile.in	18 Jul 2014 20:33:12 -0000	1.362
+++ Makefile.in	20 Aug 2014 01:01:09 -0000
@@ -456,7 +456,7 @@ UNITTESTS_TEST_SSHBUF_OBJS=\
 regress/unittests/sshbuf/test_sshbuf$(EXEEXT): ${UNITTESTS_TEST_SSHBUF_OBJS} \
     regress/unittests/test_helper/libtest_helper.a libssh.a
 	$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_SSHBUF_OBJS) \
-	    -L regress/unittests/test_helper -ltest_helper \
+	    regress/unittests/test_helper/libtest_helper.a \
 	    -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
 
 UNITTESTS_TEST_SSHKEY_OBJS=\
Index: configure.ac
===================================================================
RCS file: /var/cvs/openssh/configure.ac,v
retrieving revision 1.578
diff -u -p -r1.578 configure.ac
--- configure.ac	15 Jul 2014 00:41:39 -0000	1.578
+++ configure.ac	20 Aug 2014 01:01:09 -0000
@@ -2278,13 +2278,21 @@ AC_RUN_IFELSE(
 	if(fd == NULL)
 		exit(1);
 
-	if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(), SSLeay_version(SSLEAY_VERSION))) <0)
+	if ((rc = fprintf(fd ,"%x (%s)\n", SSLeay(),
+	    SSLeay_version(SSLEAY_VERSION))) <0)
 		exit(1);
 
 	exit(0);
 	]])],
 	[
 		ssl_library_ver=`cat conftest.ssllibver`
+		# Check version is supported.
+		case "$ssl_library_ver" in
+			0090[0-7]*|009080[0-5]*)
+				AC_MSG_ERROR([OpenSSL >= 0.9.8f required])
+		                ;;
+		        *) ;;
+		esac
 		AC_MSG_RESULT([$ssl_library_ver])
 	],
 	[
Index: sshkey.h
===================================================================
RCS file: /var/cvs/openssh/sshkey.h,v
retrieving revision 1.1
diff -u -p -r1.1 sshkey.h
--- sshkey.h	2 Jul 2014 05:28:04 -0000	1.1
+++ sshkey.h	20 Aug 2014 01:01:09 -0000
@@ -31,13 +31,19 @@
 #ifdef WITH_OPENSSL
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
-#include <openssl/ec.h>
-#else /* OPENSSL */
-#define RSA		void
-#define DSA		void
-#define EC_KEY		void
-#define EC_GROUP	void
-#define EC_POINT	void
+# ifdef OPENSSL_HAS_ECC
+#  include <openssl/ec.h>
+# else /* OPENSSL_HAS_ECC */
+#  define EC_KEY	void
+#  define EC_GROUP	void
+#  define EC_POINT	void
+# endif /* OPENSSL_HAS_ECC */
+#else /* WITH_OPENSSL */
+# define RSA		void
+# define DSA		void
+# define EC_KEY		void
+# define EC_GROUP	void
+# define EC_POINT	void
 #endif /* WITH_OPENSSL */
 
 #define SSH_RSA_MINIMUM_MODULUS_SIZE	768
@@ -211,12 +217,16 @@ int ssh_ed25519_verify(const struct sshk
     const u_char *data, size_t datalen, u_int compat);
 #endif
 
-#ifndef WITH_OPENSSL
-#undef RSA
-#undef DSA
-#undef EC_KEY
-#undef EC_GROUP
-#undef EC_POINT
-#endif /* WITH_OPENSSL */
+#if !defined(WITH_OPENSSL)
+# undef RSA
+# undef DSA
+# undef EC_KEY
+# undef EC_GROUP
+# undef EC_POINT
+#elif !defined(OPENSSL_HAS_ECC)
+# undef EC_KEY
+# undef EC_GROUP
+# undef EC_POINT
+#endif
 
 #endif /* SSHKEY_H */

More information about the openssh-unix-dev mailing list